ACADEMIC RESEARCH

Abstract

In the past five years data security breaches have transformed from relatively unknown occurrences to widespread infiltrations of large corporations covered by the national media. While studies have been conducted regarding consumer sentiment after being affected by a "mega" data breach, none have attempted to understand how data breaches impact consumer behavior. The main objective of this paper is to uncover how direct or indirect experience with data breaches influences behavior. It is hypothesized that consumers who were directly impacted by data breaches will have taken the most severe steps to prevent further data security issues. A 77-question survey was created to compare behavioral actions taken by three consumer groups: those personally affected by data breaches, those indirectly affected, and those not affected. A Chi-Square analysis was conducted to determine if proportionate responses varied significantly between the groups. Results were surprising, showing that regardless of the means by which data breaches affected consumers (direct, indirect, or none) their data security behaviors remained statistically similar. This goes to show that consumers have not necessarily translated their negative past experiences with data breaches into actual behavioral changes. However, interesting findings were made with regards to how consumers use debit cards and social security numbers following a data breach. The hope is that with this information uncovered companies who provide data security services or who benefit from customers proactively securing data can better create pitches or programs that speak to behavior-indifferent consumers. This research allows for further study into the feelings and emotions that prevent consumers in these different groups from taking differing actions. It could also be replicated with the main focus on those directly impacted, and work to test ways companies can incentivize these consumers to change their behaviors for the better.